Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance
While NSO Group's Pegasus spyware is perhaps the highest-profile surveillance weapon used by repressive governments against civil society, a recently discovered, powerful mobile reconnaissance malware dubbed Hermit has come...
ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat
Security researchers are sounding the alarm on the malware tool dubbed ChromeLoader. It first surfaced in January as a consumer-focused, browser-hijacking credential stealer but has now evolved into a widely prevalent...
Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords
Spell-checking features present in both the Google Chrome and Microsoft Edge browsers are leaking sensitive user information — including username, email, and passwords — to Google and Microsoft, respectively,...
Beware of Phish: American Airlines, Revolut Data Breaches Expose Customer Info
Call it breach week: Hard on the heels of the Uber bombshell, American Airlines said that it suffered a data breach after a successful phishing attempt hooked a few...
Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack
Uber has attributed last week's massive breach at Uber to the notorious Lapsus$ hacking group and released additional details on the attack. Researchers say the incident has highlighted the risks...
Attacker Apparently Didn’t Have to Breach a Single System to Pwn Uber
Questions are swirling around Uber's internal security practices after an 18-year-old hacker gained what appears to have been complete administrative access to critical parts of the company's IT infrastructure...
DDoS Attack Against Eastern Europe Target Sets New Record
Researchers at Akamai are reporting a distributed denial-of-service (DDoS) attack in Eastern Europe, which set records by peaking at 704.8 Mpps as the cyberattackers tried to cripple the organization's business operations.
The attackers...
Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials
Thousands of Microsoft 365 credentials have been discovered stored in plaintext on phishing servers, as part of an unusual, targeted credential-harvesting campaign against real estate professionals. The attacks showcase...
Malware on Pirated Content Sites a Major WFH Risk for Enterprises
The conventional wisdom about there being no such thing as a free lunch appears to be especially true for those visiting websites offering "free" (read: pirated) movies, TV shows,...
Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government
Iranian threat actors have been on the radar and in the crosshairs of the US government and security researchers alike this month with what appears to be a ramp-up...
